Scope of Signature Policies


In electronic commerce, trading partners often strive to maximize security and safety of transactions to achieve higher trust levels. The need to extend the elements of data, upon which trade partners can rely upon in order to assess the validity of electronic signatures, thus becomes of paramount importance. When two or more parties transact in an electronic business environment, they may need to determine the conditions under which a particular electronic signature can be used. A signature policy describes the scope and the usage of such electronic signature with a view to address the conditions of a given transaction context.

It is often also essential to determine the conditions under which an electronic signature can be deemed valid or become binding in a given business context. A signature policy, therefore, is a set of rules under which an electronic signature can be created and determined to be valid. In the words of ETSI TS 101 733 (European Telecommunications Standards Institute), a signature policy is:

" a set of rules for the creation and validation of an electronic signature, under which a digital signature can be determined to be valid."

The rationale of signature policies lies in Recital 6, of Directive 1999/93/EC, which stipulates that:

"Member States and Commission (shall) work together to promote development and use of signature verification devices, in the light of the recommendations in Annex IV and in the interest of the consumer."

Directive 1999/93/EC recommends the usage of all electronic signature support elements that can be useful to the end user of a service. A signature policy can be seen as a mechanism that enhances the level of trust attached to a transaction while supporting the verification of the identity of the signatory of a transaction. Another example of such additional trust elements that offered an enhanced level for electronic signatures is time stamping.

A signature policy defines the conditions of usage of an electronic signature within a given context. Context includes a business transaction, a legal regime, a role assumed by the signing party, etc. In a broader perspective, a signature policy can be seen as a means to invoke trust and convey information in electronic commerce by defining appropriately indicated trust conditions.

It is also desirable to include in signature policies additional elements of information associated with certain aspects of general terms and conditions that can claim relevance with the scope of the performed action and apply in a transaction. In such a case a signature policy might include content that relates it to the general conditions prevailing in a transaction, the discreet elements of a transaction procedure as provided by the various parties involved in building a transaction, as well as the prevailing certificate policy (Mitrakas, 2002).




Social and Economic Transformation in the Digital Era
Social and Economic Transformation in the Digital Era
ISBN: 1591402670
EAN: 2147483647
Year: 2003
Pages: 198

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net